The tremendous increase in the number of cyber-attacks compared with the same period last year. This year the average ransom payment has nearly doubled over the years. Even with the countries which have the most advanced security technologies are also being attacked.

The several Florence officials may have been alerted that their information technology systems were hacked by the hackers who specialize in deploying ransomware.

The mayor mentioned that hackers may have access to the city’s computer systems for more than a month.

The Florence City Council voted unanimously at an emergency meeting that pays the ransom from the city insurance fund in order to preserve the information of city workers and customers.

On May 26, acting on a tip from Milwaukee which held the security KrebsOnSecurity contacted the office of Florence’s mayor to alert them that the Windows 10 system in their IT environment had been commandeered by a ransomware gang.

As Mayor Holt said “ We are having to approach it from the standpoint that we’re going to have to assume -we know they have some of our information, we don’t know that they have critical information frankly don’t think they do but we don’t know”

After that mayor, Holt has confirmed that the city is being deceived by the ransomware gang called DoppelPaymer.

Doopelpaymer has a reputation for never releasing any information once the ransom is paid.

The city will seek proof that the hacker deleted the stolen information.

“Ransom has been a big problem for some time but that was a worrying chapter for me as the Decatur information technology Director Brad Philips said”.

if you feel any suggestions for this article.Please!  let me know in the comment section

The post $300,000 Ransomware paid by city of Florence after attack appeared first on Vednam.

When the whole incident is associated then it is a warning that the improper usage and deployment of careless methods. The issues which become random attacks in NASA will securely affect the intellectual property, individuals as well as the national security data that might be loose by the data breaches.

According to the report which mentioned the Office of Management (OMB), which is currently increasing its security system which causes vulnerability.

The Office of Management and Budget (OMB) also reported that there was a whole of 1,468 cyber conflicts that was recorded at NASA in the year 2019 which OMB also evaluates the government companies as well on a yearly basis.

The same office is also reliable for producing and managing the implementation of strategies, guidelines, and rules on cybersecurity in federal agencies. These conflicts that there are also some conflicts that were reported like email attacks.

Email attacks are one of the most common conflicts which occur in public companies but there are only a few cases of email attackers in NASA that were reported with and the actual case of that type of conflict is improper usages of the service.

The previous year, NASA reinforced the Jet propulsion laboratory which has been hacked after someone at NASA which unauthorized Raspberry Pi to JPL servers. Due to the unauthorized connection leads the hackers to pass from the JPL server to NASA’s deep space network array of the telescopes.

All the attacks and the security incidents have affected the security budgets of NASA which can be handled by the Department of Defense (DOD) which sustained nearly 50% of the federal cybersecurity funds in 2019 which is about $8.5 billion.

Due to heavy attacks the IT structure department which was planned in budget and this time it was $479 million and that was the extra budget if you compare the budget of 2019 with 2018 which was mentioned in the report in 2019.

As per report the agencies re-planning for the development of the departments like technologies diversity, geographical decentralization of the government network that was the leading security. You can’t deny also that the rapid growth of the cyber-attacks which are damaging the public agencies and creating every possible challenge which becomes difficult to fulfill due to the budgets.

As per watching the increase in the rate of the incident of the cyber attack in NASA may put a negative impact and there will be a decrease in budgets that may affect also. Cyber-attacks may hit for 12% to 23%  and that was the alarming point for all. 

The agencies are still running on old code which is an outdated language and the system required the extra funds to maintain it yearly.NASA should focus on managing the department which leads to a decrease in cyber attacks.

If you find any suggestions for this article. Please! Drop it in the comment section.

The post NASA affected by 366% of Cyber attack in 2019 appeared first on Vednam.

The main issue or problem is that the open port used for system debugging grants the root user access to the device. There are no access controls with the network There is the change of exploitation is higher than that. From the vulnerable system administrators, it can remotely exploitable. The attack could be carried by malicious hackers and they don’t need advanced knowledge to execute the campaigns. 

According to the report of the data security “ The most critical Vulnerability was tracked as CVE-2020-12493 and the score received 10/10 according to the Common Vulnerability Scoring System (CVSS) remark the critical Issues.

If this potential attack could lead to catastrophic scenarios then it will create a big disaster because the German-based company which provides services for the transport control which has critical area infrastructure, some part of Europe also.

SWARCO TRAFFIC SYSTEM vulnerabilities found by the security team and start developing the security patch after receiving the report. The company product user can contact the security patch 

After the Updates are ready the cybersecurity expert contact with the team and send him the following steps to mitigate the risk of exploitation :

1. Don’t minimize the network exposure for all the vulnerable control systems.
2. Find the firewalls behind the network and remote device.
3. Try to use Virtual Private Network) VPN If you remotely access the system regularly.

The Company has issued all the report on the Vulnerabilities once they consider the exploitation risk is completely resolved,

The post Hackers Control the Traffic Signals, Just like in Movies appeared first on Vednam.

The hacker mentioned the name “john wick” who had hands in breaching the ZEE5 systems and downloaded 150GB of live data and also stole the source code of the Website.

Mainstream Story

According to the report which is circulated on the internet”the hacker who breached the data has a connection from the Korean hacking group which executed this plan successfully and sold all the data on the hackers’ forums”.

Hackers group shared some of the proof that they have access to the ZEE5’s Private code which are confirmed by the monitoring team and it was said that the access proof is correct the hack happened between the end of February or March.

Few Days after the hackers shared the other sample which is a very serious concern because this sample has the live code secret keys and credentials of the unsecured AWS.

The last breach was also detected on the 24th April 2020 and clearly indicated that the hacker has access to recently subscribed users and the database which contains user details among every state of India.

The database breach which we are talking about has the records of the “Payment Platform”.This is really becoming a big deal for the company that the user data with payment details that mainly harms the users who are connected with the ZEE5.

According to Ralph Wagner “We don’t manage the Zee5 Database and nor the Mysql database which are mentioned. I will investigate the whole breach and then we will share the proper details’

The leaked data includes which such information like :

1. Email Address
2. Mobile Numbers
3. Recent transaction 
4. Passwords

An Email sent to the different news agency which mentions “will expose your database & code in public for the open sale soon”

The Email address si sends from a secure and encrypted email service which cannot be able to trace the email. The mail send from the hacker through “hckindi@tutanota.com “

This email server is used in different campaigns like Dharma ransomware and the same email address which is seen used by the Korean hacker.

This is not the first time this hacking happens with the ZEE5. This all breach happens and the company says or takes any action on the breach.

If you like the Content comment and share it with others. Thank you for reading the article.

The post Zee5 Hacked-150GB Data leaked from Video On demand Platform appeared first on Vednam.

API services have changed and taken the digital world works API helped to make digital coins to make payments wallets to all the e-commerce websites and social networks. API is the best way for anything. There are two teams of APIs: the red team and the blue team that are responsible for making hard security in the field of the cybersecurity market.

Best API services that are available in the market of cybersecurity in 2020.

Google API Safe Browsing 

Safe browsing is Google’s highly respected cybersecurity program which helps to protect users from accessing the phishing domains, challenging sites, and web pages that are infected with malware/virus.

Automatically test pages that are against the safe browsing database by using the safe browsing API which allows detecting the type of threat affecting the webpage. This feature is useful for the user to detect and warn the user before moving to any dangerous website which can avoid the sharing of infected links within their own company.

Features You Get : 

• Proactive scanning and monitoring
• It has the ability to check for other Sites URLs in the Quttera database.
• Hosted and Run in the cloud
• Full-in-depth scan results.
• Integrations REST API returning XML,JSON and YAML based responses.
• Run the multithreading for faster scan speed.

GreyNosie API

The mind behind the GreyNoise is Andrew Morris was interviewed a few days back and they discuss the whole insight. The security researcher as well as the private and public entity which are using GreyNoise to analyze the security-related data from the internet. The system which is developed by Andrew himself has capabilities to collect and analyze the data from several scanners included Shodan.io which palace above several data centers in the world by their own network scanner.

Cloudflare API

When we talk about Cloudflare it was a tremendous job by this company and it influences the cybersecurity sector because it builds a list of cybersecurity APIs without including them. As you read or use Cloudflare on your server basically it uses a proxy-based service that can allow you to improve the company’s site efficiency and protect the device by the cyber attackers.

It provides security to  Domain, DNS and SSL encryption, VPN and successful anti-DDoS solution to concentrate o the powerful high-end DNS and web application firewalls(WAF)

Features of Cloudflare APIs:

• SSL management feature
• Adjust the account security level
• WAF rule configuration
• Tweak ANtiDDoS setting
• DNS firewall management
• Manage the user accounts, role, member, and the subscriber.
• Adjust the account security level
• You set up customs filters.

AlienVault API

This company is the most relied -on threat intelligence firm which is used by security researchers. The API service which provides direct access from their OTX to all critical threat intelligence. You can use all its features which you got online applications.

The Alienvault OTX API is the part of the ALienVAult project which allows you to find threats to your environment with regular threats indicator modified.

Features of Alien APIs :

• The Entries over 19 million threat indicators.
• DirectConnect SDKs(Python, Java, Go)
• Support for Direct Connect Agents
• The support which can old-fashioned HTTP API requests, such as using curl
• Thousands of live API usage examples.

The post Popular Cyber Security APIs for 2020 | What are benefits ? appeared first on Vednam.

On May 29,2020, the first tool kit was launched and named it “Essential Elements: Yourself, The leader” and they followed each month to launch a new toolkit for six months. ToolKit 1 has the role of leadership in the forging culture of cyber readiness in the organization with an emphasis on strategy and investment.

CISA Director mentioned,” We are thankful to all our partners in government and the private sector who played an essential role in the development of the CISA’s Essentials toolkit”.

The main motive of developing this tool is that they want to fill the gaps and provide executives, the tools raise cybersecurity baseline for their teams and organizations they lead.

This is developed in collaboration with small businesses and state or local governments. The Cyber Essentials’ main aim is to equip smaller organizations that can historically have been a part of the national dialogue on cybersecurity.

Cyber Essentials  has two parts :

1. The guiding principle for the leaders to develop a culture of security.
2. There are specific actions for the leaders and their IT professionals to put that culture into actions,

The Six Cyber Essentials Include the list of actionable items that anyone can take advantage of to reduce cyber risks.

1. There is limited damage and restore normal operations quickly.
2. Always make backups and avoid the loss of information in critical operations.
3. Protect your applications and assets…
4. Drive CyberSecurity, culture, and Investment.
5. Develop and highlight the level of security awareness.
6. Ensure who belongs to your Digital workplace access.

CYBER ESSENTIALS

Now, Let’s discuss the cyber Essentials Six Tools which CISA’s going to apply in the upcoming 6 Months.

1. Yourself

As the leader of an organization, this is an essential element. For the leader, it was better to focus on strategy, investment, and culture. The investment drives actions and activities that build and maintain the culture of cybersecurity.

For the IT professional and the Service provider: The IT department guideline is that they determine and find how much of the operations are dependent on IT. Built the trusted relationship with the sector partner and the government agencies for access to timely when cyber threats happen. Always feel and think cyber as a business risk, Led the development of cybersecurity policies.

2. Your Staff

For the leader to develop a heightened level of security awareness and vigilance.

For the IT professional working in the organization must discuss the cybersecurity concepts, terminology, and all things associated with the cybersecurity which make awareness between the employee and they become able to make good choices. They Learned about the phishing and business email compromise. Always keep eyes on the academic qualification of the employee and check the background with depth.

3. Your Systems

For the leader, it has to know the protection of critical assets and applications. For the IT professionals and service providers removed unsupported or unauthorized hardware and software assets.

4. Your Surroundings

As Source, For the leaders who ensure only those who belong to your digital workplace have access. For the IT Professionals granted access and admin permissions based on need-to-know and least privilege.

5. Your Data

For leaders, make backups and avoid loss of information critical to operations. For the IT professionals and services providers, they teach how to protect the data and backups including physical security, encryption, and offline copies.

6. Your Actions Under Stress

For leaders, the limit damage and restore normal operations quickly. For the IT Professional lead development of an internal reporting structure to detect, communicate and contain attack

BootingUp: Things to Do first

Backup data solution that automatically and continuously backs up critical data and system configurations.

Multi-factor Authentication For accessing your systems whenever possible.

Patch & Update management: enable automatic updates whenever possible. Replace unsupported operating systems applications and hardware. Test and deploy patches quickly.

What your thoughts on this article? Please! write down in comment section your views.

The post Cyber Essentials Toolkit released by CISA appeared first on Vednam.

On May 29, 2020, A blog mentioned the underground retailer of data breach spoils and it was also mentioned that the source of the leak was the ministry of the Interior’s Department of Household Registration.

Some of the blogs and news claimed that the news is not really confirmed may because the database which leaked may be removed from the underground marketplace.

Data around 20 million

The database size is around 3.5 GB which contains citizen’s full names, Postal addresses, phone numbers, Genders, Date of Birth, Government IDs according to cyble.

The company claimed that our team found the leaked database on the dark web which was shared by the “Toogod”.The database contained the whole “Taiwan Country home registry DB” which compromised around 20 Million+ records.

As total Taiwan’s population came across 23.8 million.

Cyble also said that we can’t exactly claim that this amount of data leaked only.

According to the cyber attacker, it was claimed that data leaked in 2019, and the last DOB records were from 2008. It was clear that if the whole database leaked then the whole database. After this, you can’t claim that only this amount.

Hence, After more research, they found that some of the records area ‘NULL/empty’ then it is hard to claim the exact recent it is.

Cyble says that it has already acquired the database and may plan to fill the data in the data breach search engine.

According to the source, The Taiwan’s CERT company which is mainly known for Taiwan’s Computer Emergency Response Team that they are still investigating the leak.

If the leaked database is real then it was the largest-ever government data-breaches.

A large portion of the country population was the exposure in 2015 of the similarly personal data belonging to 191 million US voters in a misconfigured.

Taiwan’s Government official statements have not yet come about the data breach but they are investigating for the right portion of information. May they come with good statements and above all the statements are from the resources like news and blog.

If you have any suggestions. Please ! drop the comment below.

The post Taiwan’s Government Data found on Dark Web appeared first on Vednam.

What New happens 

According to the report, From January 1 to April 30, 2020. Google services like file sharing and storage websites and different brand names were around 65% (100,000) being attacked by form-based which makes 4% of all spearing-phishing attacks in the first four months of 2020.

1. Microsoft brands are also used for impersonation and the number of attacks is a total of 13% of attacks: 6% attacks for the onedrive.live.com, 4% for the sway.office.com, and 3% for forms.office.com.
2. The Google Service is also used for victimizing let see which services are:Storage.googleapis.com it is around 25%, docs.google.com it is around 13% and drive.google.com is around 4%
3. The other sites who are popular for some specific services like sendgrid.net are around 10%, mailchimp.com is around 4% and formcrafts.com is around 2% that is also used for impersonation attacks.     

Some other brands

In Between, hackers are using a variety of phishing campaigns to take advantage of the COVID-19 to infect through malware and steal credentials, scams Remote Worker, steal money from the organizations. Till May 2020, the attacker launched different phishing campaigns and many of the users get victimized by them through the brand name.

1. The cyber attacker also victimized LogMeIn by sending fake emails and directed users to a phishing site to compromise LogMeIn account login credentials.
2. The attackers also used Azure AD and Microsoft 365 sign-in pages to launch phishing attacks. The attackers a lot more convincing tactics used by the Cyber attackers
3. The Magellan Health employees are also attacked by the cyber attackers and the client’s data is stolen through malware which included credentials and userid.
4. The Zoom Phishing campaigns are the latest one which mimicked the meeting notifications from the zoom and stole the Microsoft credentials.
5. The Microsoft Teams notifications were also victimized by the cyber attackers and send automated notifications to steal the credentials of the relevant accounts.

How to be safe online

After finding all the problems one thing always remembers that never ever visits the insecure website and please check the URL for the basic protection. Don’t respond to any mail immediately and don’t touch the mail link without any familiar.

The post Remote worker are targeted by cyber criminals appeared first on Vednam.

This happens as usually happened with BHIM payment, when the member of the team left an unencrypted backup of the JRD website on an unsecured Amazon Web Service S3 bucket.

The company mentioned that around or more than 2,700 used data have been accessed, also affecting the joomla.org website.

Impact On Joomla

The best part is that the company said it was confirmed that no financial or sensitive data that has been exposed in the breach. The Internal team of Joomla is tracing the footprints and finding the attacker footmarks for the incident.

There is some list which the backup consists of :

• Full Name
• Business Address
• Company URL
• Nature of the Business
• IP address
• Business Email Address
• Business Phone Number
• Encrypted credentials(Hashed)
• Newsletter subscription preferences

The Company Statement came “ The Most of data was public since users submitted their data with the intention of being part in a public directory. Private data was also included in the breach”

The Audit also specifies that there is a superuser account through which these attacks did but they removed and disable the superuser accounts.

The company also mentioned that there is no authority to the third-party for the access of the database and even though it prompts for reset passwords immediately if the same password is used for unauthorized logins.

The lastly mentioned the apologies for the issues and committed to providing the best security infrastructure for the community.

The Joomla team takes over the data breach and also convenience their user not to worry about the attack and we will figure out for the best data protection system which helps in the future to protect the user data.

The post Joomla Data Breach around 2,700 users were affected appeared first on Vednam.

This happens when the BHIM fails to secure and store the data which is collected from users and businesses in a sign-up campaign.

On April 23, The researcher team at vpnMentor made a hint for the data related campaign that was publicly accessible after being stored in a misconfigured Amazon Web Services S3 bucket.

This was the serious concern that the large scale of data has been exposed and affected millions of people all over India. The Exposed data may be used for potentially devastating fraud, theft, and attack from the hacker and cybercriminals.

The data all exposed are confidential which BHIM app use to open an account like Aadhaar card(India’s national ID card), Caste Certificates, professional and educational certificates, photos used for the of residence, PAN ( Permanent Account Number) which is associated with income tax services and the screenshots of financial and banking apps as proof of fund transfer.

If we talk about the private personal user data contained within these documents that include names, dates of birth, gender, home address, caste status, religion, biometric details, ID photos, fingerprint scan, and social security services.

In February 2019, around 7 Million records from the dating app and every data belong to the underage 18-year-old.

After investing more, they found vpnMentor’s team found around 409 GB of data stored insecurely in BHIM, which operates via the website www.cscbhim.in. The bucket traces back to BHIM as it was labeled as “csc-bhim”.

As the researcher mentioned, “ many weeks later, we contacted CERT-In a second time”. After that, the breach was closed.

 This app is launched in 2016 to facilitate instant e-payments and money transfers between bank accounts via a user’s smartphone. This app is downloaded around 136 million times according to the non-profit business consortium.

The post Million of Data leaked from Indian Payment App appeared first on Vednam.